Published by Justina Tucker. Modified over 9 years ago.
Slide 1: DIGITAL CERTIFICATE & SSL
Presented by Swapna Erabathini
Slide 2: CONTENTS
- What is SSL?
- SSL Handshake Process
- Man-in-the-Middle Attack
- SSL Connection
Slide 3: SOCKET LAYER
The socket layer lives between the Application layer and the Transport layer:
  APPLICATION
  Socket layer
  TRANSPORT
What is SSL?
- Secured Socket Layer
- A protocol that lies between HTTP and TCP
- Used for secured Internet transactions (contd.)
Slide 4: (contd.)
For example, consider a transaction to buy items at ebay.com:
1. Be sure about the site, i.e. authenticate the site.
2. The credit card information should be secure while it is transmitted, i.e.
   - Confidentiality
   - Integrity
Slide 5: SSL HANDSHAKE PROCESS
Message 1, CLIENT -> SERVER:
- SSL Version
- Cipher List
- Data Compression Methods
- Session ID
- Random Data R_a
Message 2, SERVER -> CLIENT:
- SSL Version
- Cipher
- Data Compression Methods
- Session ID
- Random Data R_b
- CERTIFICATE
Slide 6: How does the client verify the server certificate?
A certificate has 2 sections:
- Data Section (Version No., Serial No., Public Key Information, Distinguished Name (DN) of the CA, Validity Period, Domain Name)
- Signature Section (Cryptographic Algorithms, Digital Signature of the CA)
Validating process:
- The issuing CA is a trusted one.
- Validate the CA's digital signature on the server certificate.
- Validate the current date to ensure it is within the validity period.
- The domain name matches.
- Server certificate verified.
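The validating process on this slide, written out as an added example (not part of the presentation). The four checks run in the slide's order: trusted issuer, CA signature over the data section, validity period, domain name. Everything is constructed: the trust store, the CA key, the certificate fields and the dates; and because a real CA signature is RSA or ECDSA verified with the CA's public key, an HMAC keyed by the CA stands in for it here so the example needs only the standard library. The rejected cases at the bottom of the test show what a forged or altered certificate looks like to this check.

```python
import hashlib
import hmac

# Constructed trust store (the browser's list of trusted CAs): issuer DN -> CA key.
# A real browser holds the CA's public key and verifies an RSA/ECDSA signature; the
# HMAC below is a stand-in for that digital signature so the flow runs offline.
TRUSTED_CAS = {
    "CN=Example Root CA": b"constructed-ca-signing-key",
}
# Fields of the data section named on the slide (the part the CA signs).
DATA_FIELDS = ("version", "serial", "public_key", "issuer", "not_before", "not_after", "domain")


def data_section(cert):
    """Canonical bytes of the data section; any change here invalidates the signature."""
    return "|".join(f"{f}={cert[f]}" for f in DATA_FIELDS).encode()


def ca_sign(cert, ca_key):
    """Signature section: stand-in for the CA's digital signature over the data section."""
    return hmac.new(ca_key, data_section(cert), hashlib.sha256).hexdigest()


def make_cert(domain, issuer, not_before, not_after, signing_key, serial="0x1001"):
    """Build a constructed certificate and sign it with whatever key the caller holds."""
    cert = {"version": 3, "serial": serial, "public_key": f"rsa-pub-for-{domain}",
            "issuer": issuer, "not_before": not_before, "not_after": not_after, "domain": domain}
    cert["signature"] = ca_sign(cert, signing_key)
    return cert


def domain_matches(cert_domain, host):
    """Exact match, or a '*.' wildcard that covers exactly one leftmost label."""
    cert_domain, host = cert_domain.lower(), host.lower()
    if cert_domain.startswith("*."):
        return host.endswith(cert_domain[1:]) and host.count(".") == cert_domain.count(".")
    return cert_domain == host


def verify_server_cert(cert, host, today):
    """The slide's four checks in order. Dates are ISO strings, which compare correctly as text."""
    ca_key = TRUSTED_CAS.get(cert["issuer"])
    if ca_key is None:
        return "rejected: issuing CA is not trusted"
    if not hmac.compare_digest(cert["signature"], ca_sign(cert, ca_key)):
        return "rejected: CA signature does not verify"
    if not (cert["not_before"] <= today <= cert["not_after"]):
        return "rejected: outside validity period"
    if not domain_matches(cert["domain"], host):
        return "rejected: domain name does not match"
    return "verified"
```

The order matters in practice: the signature is checked before any field is trusted, so a certificate whose domain or validity period was edited after signing is rejected as a signature failure rather than being evaluated on the edited values.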
Slide 7: SSL HANDSHAKE (contd.)
CLIENT -> SERVER: {S}_server, E(h(msg,CLNT,K),K)
SERVER -> CLIENT: h(msg,SRVR,K)
- S: pre-master secret ({S}_server is S encrypted for the server)
- msg: all previous messages
- CLNT and SRVR are constants
- K: h(S, R_a, R_b)
Slide 8: THE SSL KEYS
Derived from K = h(S, R_a, R_b); 2 keys are derived:
- Client and server session key production is a function of the CIPHER-CHOICE.
- The key K produced by the client is called CLIENT-WRITE-KEY (SERVER-READ-KEY).
- The key K produced by the server is called SERVER-WRITE-KEY (CLIENT-READ-KEY).
- For example, for the SSL_CK_DES_64_CBC_WITH_MD5 cipher:
  KEY-MATERIAL-0 = MD5[MASTER-KEY, R_a, R_b]
  CLIENT-READ-KEY = KEY-MATERIAL-0[0-7]
  CLIENT-WRITE-KEY = KEY-MATERIAL-0[8-15]
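The handshake of slides 5 and 7 and the key split of slide 8, run end to end as an added example (not code from the presentation). Assumptions: h is SHA-256 over length-prefixed parts; the constants CLNT and SRVR are the literal byte strings of those names; K is used as the MASTER-KEY input of the slide 8 derivation, as the slide's heading says; the public-key encryption {S}_server is left out, so the server simply receives S; and the message contents are constructed. The `mitm_downgrade` switch shows why msg covers all previous messages: if anyone alters message 1 in transit, the two sides hash different transcripts under the same K and the handshake aborts.

```python
import hashlib

# Constants named on slide 7 (the slides give no values; these are constructed).
CLNT = b"CLNT"
SRVR = b"SRVR"


def h(*parts):
    """The hash h of the slides, taken to be SHA-256 (assumption).
    Each part is length-prefixed so h(a, b) cannot collide with h(a + b)."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


def derive_k(S, R_a, R_b):
    """K = h(S, R_a, R_b) from slide 7."""
    return h(S, R_a, R_b)


def client_keys(master_key, R_a, R_b):
    """Slide 8 for SSL_CK_DES_64_CBC_WITH_MD5: KEY-MATERIAL-0 = MD5[MASTER-KEY, R_a, R_b],
    bytes 0-7 are CLIENT-READ-KEY and bytes 8-15 are CLIENT-WRITE-KEY."""
    km0 = hashlib.md5(master_key + R_a + R_b).digest()
    return {"CLIENT-READ-KEY": km0[0:8], "CLIENT-WRITE-KEY": km0[8:16]}


def server_keys(master_key, R_a, R_b):
    """The same material as the server names it: its read key is the client's write key."""
    km0 = hashlib.md5(master_key + R_a + R_b).digest()
    return {"SERVER-READ-KEY": km0[8:16], "SERVER-WRITE-KEY": km0[0:8]}


def run_handshake(S, R_a, R_b, mitm_downgrade=False):
    """Simplified handshake of slides 5 and 7. Returns (status, client_keys, server_keys).
    mitm_downgrade=True models someone stripping a cipher from message 1 in transit,
    so the server's copy of msg differs from the client's."""
    # Message 1, client -> server: version, cipher list, compression, session ID, R_a.
    client_hello = b"SSLv3;ciphers=DES_64_CBC_WITH_MD5,RC4_128_WITH_MD5;comp=none;sid=;" + R_a
    hello_seen_by_server = (client_hello.replace(b",RC4_128_WITH_MD5", b"")
                            if mitm_downgrade else client_hello)
    # Message 2, server -> client: version, chosen cipher, compression, session ID, R_b, certificate.
    server_hello = b"SSLv3;cipher=DES_64_CBC_WITH_MD5;comp=none;sid=0042;" + R_b + b";CERT"
    # Client side: S would travel as {S}_server (encryption omitted), together with
    # E(h(msg,CLNT,K),K); only the MAC h(msg,CLNT,K) is modelled here.
    K_client = derive_k(S, R_a, R_b)
    msg_client_view = client_hello + server_hello
    client_mac = h(msg_client_view, CLNT, K_client)
    # Server side: recovers S, derives the same K, and checks the MAC against its own transcript.
    K_server = derive_k(S, R_a, R_b)
    msg_server_view = hello_seen_by_server + server_hello
    if client_mac != h(msg_server_view, CLNT, K_server):
        return "aborted: client MAC does not match server transcript", None, None
    # Server -> client: h(msg, SRVR, K) over everything so far; the client checks it the same way.
    server_mac = h(msg_server_view + client_mac, SRVR, K_server)
    if server_mac != h(msg_client_view + client_mac, SRVR, K_client):
        return "aborted: server MAC does not match client transcript", None, None
    return "ok", client_keys(K_client, R_a, R_b), server_keys(K_server, R_a, R_b)
```

With a clean run both sides end with the same KEY-MATERIAL-0, so the client's CLIENT-WRITE-KEY is byte for byte the server's SERVER-READ-KEY, which is the pairing the slide describes.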
Slide 9: THE MAN-IN-THE-MIDDLE ATTACK
- The bad guy cannot authenticate himself as the server using the server certificate.
- The bad guy cannot decrypt {S}_server.
- The bad guy's own certificate fails: the client verifies the signature on the bad guy's certificate.
Slide 10: SSL CONNECTIONS
- It's an efficient protocol.
- Opens new SSL connections if an SSL session already exists.
- Uses the same symmetric key K.
- Avoids the expensive public key operation.
CLIENT -> SERVER: Session ID, Cipher list, R_a
SERVER -> CLIENT: Session ID, Cipher, R_b, h(msg,SRVR,K)
CLIENT -> SERVER: h(msg,CLNT,K)
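The three-message resumption exchange on this slide, as an added example (not from the presentation). Assumptions: each side keeps a session cache mapping Session ID to the cipher and the key K left behind by an earlier full handshake; h is SHA-256 over length-prefixed parts with CLNT and SRVR as literal byte strings; and the per-connection KEY-MATERIAL-0 is taken from slide 8's MD5[MASTER-KEY, R_a, R_b] with K as the master key and the fresh R_a, R_b of this connection. No public-key operation occurs: each side proves it still holds K for that Session ID, which is also why a party that has only seen the Session ID on the wire cannot resume the session.

```python
import hashlib

# Constants from slide 7 (values constructed; the slides only name them).
CLNT = b"CLNT"
SRVR = b"SRVR"


def h(*parts):
    """Hash h of the slides, taken to be SHA-256 over length-prefixed parts (assumption)."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


def resume_session(server_cache, client_cache, session_id, cipher_list, R_a, R_b):
    """Slide 10's exchange. Caches map Session ID -> (cipher, K) from an earlier full handshake.
    Returns (status, KEY-MATERIAL-0 for the new connection or None)."""
    # Message 1, client -> server: Session ID, cipher list, R_a.
    msg1 = session_id.encode() + b";" + b",".join(cipher_list) + b";" + R_a
    entry = server_cache.get(session_id)
    if entry is None:
        return "full handshake required", None      # server no longer knows this session
    cipher, K_server = entry
    if cipher not in cipher_list:
        return "full handshake required", None      # cached cipher no longer offered
    # Message 2, server -> client: Session ID, cipher, R_b, h(msg, SRVR, K).
    # No public-key operation: the server proves it still holds K for this Session ID.
    msg2 = session_id.encode() + b";" + cipher + b";" + R_b
    server_mac = h(msg1 + msg2, SRVR, K_server)
    K_client = client_cache[session_id][1]
    if server_mac != h(msg1 + msg2, SRVR, K_client):
        return "aborted: server MAC does not verify", None
    # Message 3, client -> server: h(msg, CLNT, K), covering message 2's MAC as well.
    client_mac = h(msg1 + msg2 + server_mac, CLNT, K_client)
    if client_mac != h(msg1 + msg2 + server_mac, CLNT, K_server):
        return "aborted: client MAC does not verify", None
    # Same session key K, fresh nonces, so the new connection gets new traffic keys (slide 8).
    return "resumed", hashlib.md5(K_client + R_a + R_b).digest()
```

The last line is the practical reason the slide can say "uses the same symmetric key K" without every resumed connection sharing traffic keys: K stays fixed for the session, and the new R_a and R_b make KEY-MATERIAL-0 differ per connection.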
Slide 11: Q & A